Security Vulnerabilities - CVEs Published In September 2020
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via an XML External Entity (XXE) vulnerability.
CVSS Score: 4.9; EPSS Score: 0.027; Published: 2020-09-30
A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-09-30
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2020-09-30
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2020-09-30
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2020-09-30
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
CVSS Score: 9.6; EPSS Score: 0.013; Published: 2020-09-30
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
CVSS Score: 9.6; EPSS Score: 0.013; Published: 2020-09-30
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
CVSS Score: 7.5; EPSS Score: 0.0; Published: 2020-09-30
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2020-09-30
An issue was discovered in Hoosk CMS v1.8.0. There is a Remote Code Execution vulnerability in install/index.php.
CVSS Score: 9.8; EPSS Score: 0.026; Published: 2020-09-30

